skills/mukul975/anthropic-cybersecurity-skills/implementing-network-access-control-with-cisco-ise/Snyk
implementing-network-access-control-with-cisco-ise
Fail
Audited by Snyk on Apr 18, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt contains hard-coded secrets (RADIUS shared secret C0mpl3x$3cretKey!, server-key lines, CTS password CtsP@ss, test password testpass, and explicit instructions to place domain admin credentials) inside configuration snippets, which the agent would need to reproduce verbatim in generated configs/commands.
HIGH W008: Secret detected in skill content (API keys, tokens, passwords).
- Secret detected (high risk: 1.00). I flagged a literal RADIUS/shared-secret value: "C0mpl3x$3cretKey!" — it is a specific, non-placeholder password used multiple times as a RADIUS Shared Secret and server-key in the example configs (Network Device block, radius server entries, aaa server radius dynamic-author client server-key). This matches the definition of a secret (a concrete complex password that grants access to RADIUS/ISE).
Ignored items and why:
- "CtsP@ss" (cts credentials id ... password CtsP@ss) — short/low-entropy example-like password; treated as a low-security/setup example and ignored.
- "testpass" in "test aaa server radius ... password testpass" — clearly a test/example password; ignored.
- SNMP community string — name shown but no literal value provided (placeholder).
- Usernames (radius-test, testuser) and other config values (IP addresses, VLAN names, ACL names) — not secrets.